++ fix: update .env.example and README.md, add CreateInitialAdmin command, update docker-compose.yml and entrypoint.sh, remove old CSS file and update manifest.json

.env.example

@@ -8,6 +8,10 @@ APP_URL=http://localhost:8080
 APP_PORT=8080
 SEED_DEV_DATA=false
 RUN_DB_SEED_ON_FIRST_START=true
+ENSURE_INITIAL_ADMIN_ON_EMPTY_DB=true
+INITIAL_ADMIN_NAME=
+INITIAL_ADMIN_EMAIL=
+INITIAL_ADMIN_PASSWORD=
 
 DB_CONNECTION=mysql
 DB_HOST=mariadb

README.md

@@ -104,6 +104,7 @@ Al primo avvio del container `app` vengono eseguiti automaticamente:
 - install/build dipendenze
 - `php artisan migrate --force`
 - `php artisan db:seed --force` **solo al primo avvio** (marker persistente)
+- creazione admin iniziale se il database non ha utenti
 
 > **Nota**: La `APP_KEY` viene generata automaticamente al primo avvio se assente nel `.env`.
 
@@ -131,6 +132,10 @@ docker compose up -d --build
 | `APP_PORT`            | `8080`               | Porta host per l'applicazione            |
 | `SEED_DEV_DATA`       | `false`              | Se `true`, `php artisan db:seed` include anche i dati demo |
 | `RUN_DB_SEED_ON_FIRST_START` | `true`        | Se `true`, esegue il seed automatico solo al primo avvio container |
+| `ENSURE_INITIAL_ADMIN_ON_EMPTY_DB` | `true`  | Se `true`, richiede/crea admin iniziale quando non esistono utenti |
+| `INITIAL_ADMIN_NAME`  | vuoto                | Nome admin creato al primo avvio         |
+| `INITIAL_ADMIN_EMAIL` | vuoto                | Email admin creata al primo avvio        |
+| `INITIAL_ADMIN_PASSWORD` | vuoto             | Password admin creata al primo avvio (min 8) |
 | `DB_DATABASE`         | `termanager2`        | Nome database MariaDB                    |
 | `DB_USERNAME`         | `termanager2`        | Utente database                          |
 | `DB_PASSWORD`         | `secret`             | Password database                        |
@@ -144,15 +149,15 @@ docker compose up -d --build
 
 La configurazione viene gestita dalla sezione **Impostazioni** (menu amministrazione), senza wizard iniziale.
 
-### Utenti di sviluppo (DevSeeder)
+### Credenziali iniziali
 
-| Ruolo          | Email                   | Password   |
+Le credenziali non sono hardcoded nel progetto. Al primo avvio devi impostare in `.env`:
-|----------------|-------------------------|------------|
-| Amministratore | admin@termanager2.local | `password` |
-| Assistente     | assistente@termanager2.local | `password` |
-| Operatore      | operatore@termanager2.local  | `password` |
 
-> **Attenzione**: cambiare le password prima di qualsiasi uso in produzione.
+- `INITIAL_ADMIN_NAME`
+- `INITIAL_ADMIN_EMAIL`
+- `INITIAL_ADMIN_PASSWORD`
+
+Se il database e vuoto e queste variabili non sono valorizzate, il container `app` interrompe l'avvio con errore esplicito.
 
 ---
 

app/Console/Commands/CreateInitialAdmin.php

@@ -0,0 +1,78 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\User;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Validator;
+
+class CreateInitialAdmin extends Command
+{
+    protected $signature = 'app:create-initial-admin
+        {--name= : Admin full name}
+        {--email= : Admin email}
+        {--password= : Admin password}
+        {--from-env : Read credentials from INITIAL_ADMIN_* environment variables}';
+
+    protected $description = 'Create the initial administrator account when no users exist';
+
+    public function handle(): int
+    {
+        if (User::count() > 0) {
+            $this->info('Users already exist. Skipping initial admin creation.');
+            return self::SUCCESS;
+        }
+
+        $name = (string) ($this->option('name') ?? '');
+        $email = (string) ($this->option('email') ?? '');
+        $password = (string) ($this->option('password') ?? '');
+
+        if ($this->option('from-env')) {
+            $name = (string) env('INITIAL_ADMIN_NAME', $name);
+            $email = (string) env('INITIAL_ADMIN_EMAIL', $email);
+            $password = (string) env('INITIAL_ADMIN_PASSWORD', $password);
+        }
+
+        if ($name === '' || $email === '' || $password === '') {
+            if (! $this->input->isInteractive()) {
+                $this->error('Missing initial admin credentials. Set INITIAL_ADMIN_NAME, INITIAL_ADMIN_EMAIL and INITIAL_ADMIN_PASSWORD.');
+                return self::FAILURE;
+            }
+
+            $name = $name !== '' ? $name : $this->ask('Nome amministratore');
+            $email = $email !== '' ? $email : $this->ask('Email amministratore');
+            $password = $password !== '' ? $password : (string) $this->secret('Password amministratore (min 8 caratteri)');
+        }
+
+        $validator = Validator::make([
+            'name' => $name,
+            'email' => $email,
+            'password' => $password,
+        ], [
+            'name' => ['required', 'string', 'max:255'],
+            'email' => ['required', 'email', 'max:255', 'unique:users,email'],
+            'password' => ['required', 'string', 'min:8'],
+        ]);
+
+        if ($validator->fails()) {
+            foreach ($validator->errors()->all() as $error) {
+                $this->error($error);
+            }
+
+            return self::FAILURE;
+        }
+
+        $admin = User::create([
+            'name' => $name,
+            'email' => $email,
+            'password' => Hash::make($password),
+        ]);
+
+        $admin->assignRole('amministratore');
+
+        $this->info("Initial admin created: {$admin->email}");
+
+        return self::SUCCESS;
+    }
+}

docker-compose.yml

@@ -25,6 +25,10 @@ services:
       - PHP_OPCACHE_VALIDATE_TIMESTAMPS=1
       - SEED_DEV_DATA=${SEED_DEV_DATA:-false}
       - RUN_DB_SEED_ON_FIRST_START=${RUN_DB_SEED_ON_FIRST_START:-true}
+      - ENSURE_INITIAL_ADMIN_ON_EMPTY_DB=${ENSURE_INITIAL_ADMIN_ON_EMPTY_DB:-true}
+      - INITIAL_ADMIN_NAME=${INITIAL_ADMIN_NAME:-}
+      - INITIAL_ADMIN_EMAIL=${INITIAL_ADMIN_EMAIL:-}
+      - INITIAL_ADMIN_PASSWORD=${INITIAL_ADMIN_PASSWORD:-}
 
   nginx:
     build:

docker/php/entrypoint.sh

@@ -176,6 +176,21 @@ else
     echo "[i] RUN_DB_SEED_ON_FIRST_START=false, skipping automatic seed."
 fi
 
+# -----------------------------------------------
+# 7c. Ensure initial admin exists (first startup)
+# -----------------------------------------------
+ENSURE_INITIAL_ADMIN_ON_EMPTY_DB="${ENSURE_INITIAL_ADMIN_ON_EMPTY_DB:-true}"
+
+if [ "$ENSURE_INITIAL_ADMIN_ON_EMPTY_DB" = "true" ]; then
+    echo "[*] Ensuring initial administrator account..."
+    if ! php artisan app:create-initial-admin --from-env --no-interaction; then
+        warn "Initial admin creation failed. Set INITIAL_ADMIN_NAME, INITIAL_ADMIN_EMAIL and INITIAL_ADMIN_PASSWORD."
+        exit 1
+    fi
+else
+    echo "[i] ENSURE_INITIAL_ADMIN_ON_EMPTY_DB=false, skipping initial admin creation check."
+fi
+
 # -----------------------------------------------
 # 8. Cache config/routes/views
 # -----------------------------------------------

public/build/manifest.json

@@ -1,6 +1,6 @@
 {
   "resources/css/app.css": {
-    "file": "assets/app-Cnyz0W61.css",
+    "file": "assets/app-DTUtvTBm.css",
     "src": "resources/css/app.css",
     "isEntry": true
   },